
IN THE CLAIMS 



Please amend the claims as set forth below. 



1. (Cancelled)

2. (Cancelled)




(Currently Amended) The method of Claim 2, A method for key management,
comprising:

generating a set of encrypted bits at a security server;

transmitting said set of encrypted bits from said security server to an
application server;

broadcasting said set of encrypted bits from said application server to a
plurality of recipients, said set of encrypted bits comprising information for generating
a set of encryption/decryption bits;

transmitting said set of encrypted bits from a first recipient to said security
server;

authenticating said first recipient at said security server;

transmitting a first set of bits from said security server to said first recipient if
said first recipient is authenticated, said first set of bits being a subset of said set of
encrypted bits in decrypted form and comprising information for generating a set of
encryption bits;

generating said set of encryption bits at said first recipient from said first set of
bits;

encrypting a data stream at said first recipient using said set of encryption bits
to form a first encrypted data stream; and

broadcasting said first encrypted data stream from said first recipient with said
set of encrypted bits to a plurality of receivers;

wherein said set of encrypted bits further comprises information selected from the
group consisting of a policy, a message digest, and a data and time stamp, and further

wherein said policy comprises information selected from the group consisting of
security levels of said recipients and classification of said data stream.

(Currently Amended) The method of Claim [illegible] wherein said authenticating
comprises:

establishing a private access line ("PAL") between said security server and
said first recipient, comprising:

transmitting an identification of said first recipient to said security
server;

decrypting said set of encrypted bits at said security server to obtain 
access information; and 

comparing said identification to said access information to establish 
authentication when said identification matches said access information. 

(Currently Amended) The method of Claim further comprising:

transmitting said set of encrypted bits from a first receiver to said security
server;

authenticating said first receiver at said security server; 
transmitting a second set of bits from said security server to said first receiver 
if said first receiver is authenticated, said second set of bits being a subset of said set 
of encrypted bits in decrypted form and comprising information for generating a set of 
decryption bits; 

generating at said first receiver said set of decryption bits from said second set 
of bits; and 

decrypting said first encrypted data stream using said set of decryption bits at
said first receiver. 

(Currently Amended) The method of Claim [illegible] wherein said broadcasting
said first encrypted data stream further comprises: 

dividing said first encrypted data stream into a plurality of data sections; and 
attaching said set of encrypted bits to each of said data sections, each said data 
section having a corresponding offset value, said offset value is an offset between the 
starting address of said first encrypted data stream and the starting address of said data 
section. 



7. (Cancelled) 

8. (Cancelled) 



(Currently Amended) The method of Claim [illegible] further comprising returning
a set of bits corresponding to a stored set of encrypted bits from said memory if said set of 
encrypted bits matches said stored set of encrypted bits. 

(Currently Amended) The method of Claim 8, A method for key management,
comprising: 

generating a set of encrypted seal bits at a security server; 

transmitting said set of encrypted bits from said security server to an 
application server; 

broadcasting said set of encrypted bits from said application server to a 
plurality of recipients, said set of encrypted bits comprising information for generating 
a set of encryption/decryption bits; 

transmitting said set of encrypted bits from a first recipient to said security
server;

authenticating said first recipient at said security server;

transmitting a first set of bits from said security server to said first recipient if
said first recipient is authenticated, said first set of bits being a subset of said set of
encrypted bits in decrypted form and comprising information for generating a set of
encryption bits;

generating said set of encryption bits at said first recipient from said first set of
bits;

encrypting a data stream at said first recipient using said set of encryption bits 
to form a first encrypted data stream; and 



broadcasting said first encrypted data stream from said first recipient with said 
set of encrypted bits to a plurality of receivers; 

wherein said application server comprises a memory for storing said set of 
encrypted bits and a corresponding set of bits containing said information for 
generating a set of encryption/decryption bits; 

further comprising comparing said set of encrypted bits to a plurality of sets of 
encrypted bits in said memory; 

wherein said set of encrypted bits fails to match any of said stored set of 
encrypted bits in said memory, further comprising: 

transmitting an identification of said first receiver to said security server; 

decrypting said set of encrypted bits at said security server to obtain access 
information; and 

comparing said identification of said receiver to said access information to 
establish authentication when said identification matches said access information. 



said set of encrypted bits and said corresponding set of bits containing said information for 
generating a set of encryption/decryption bits in said memory subsequent to said
authentication. 

(Previously Presented) The method of Claim [illegible] further comprising deleting a
least recently used set of encrypted bits and its corresponding set of bits from said memory
when said memory is full.

(Currently Amended) The method of Claim [illegible], further comprising
broadcasting said first encrypted data stream in datagram packets, wherein said set of
encrypted bits is attached to each of said datagram packets.

(Currently Amended) The method of Claim 1, A method for key management,
comprising: 

generating a set of encrypted seal bits at a security server; 

transmitting said set of encrypted bits from said security server to an 
application server; 

broadcasting said set of encrypted bits from said application server to a 
plurality of recipients, said set of encrypted bits comprising information for generating 
a set of encryption/decryption bits; 

transmitting said set of encrypted bits from a first recipient to said security
server;

authenticating said first recipient at said security server;

transmitting a first set of bits from said security server to said first recipient if
said first recipient is authenticated, said first set of bits being a subset of said set of
encrypted bits in decrypted form and comprising information for generating a set of
encryption bits;

generating said set of encryption bits at said first recipient from said first set of
bits;

encrypting a data stream at said first recipient using said set of encryption bits
to form a first encrypted data stream; and 

broadcasting said first encrypted data stream from said first recipient with said 
set of encrypted bits to a plurality of receivers, further comprising: 

appending said set of encrypted bits to said first encrypted data stream; and 

transmitting a second encrypted data stream from said first receiver to said first 
recipient, wherein a second set of encrypted bits is appended to said second encrypted 
data stream. 



15. (Cancelled) 

16. (Cancelled)

(Currently Amended) The method of Claim [illegible] further comprising
returning a permit corresponding to a first previously opened seal from said memory if said 
seal matches said first previously opened seal. 

(Currently Amended) The method of Claim 16, A method for opening a seal,
wherein said seal comprises a set of encrypted bits comprising information for generating a
set of encryption/decryption bits, comprising:

providing a client having memory for storing previously opened seals and their 
corresponding permits, each of said permits being a subset of a corresponding seal and 
containing information for generating said set of encryption/decryption bits; 
transmitting said seal from a security server to said client; and 
comparing said seal to said previously opened seals in said memory, further
comprising: 

transmitting said seal and identification from said client to said security server 
if said seal fails to match any of said previously opened seals in said memory; 

decrypting said seal at said security server to obtain access information; and 

comparing said identification with said access information to obtain authentication if
said identification matches said access information.

(Previously Presented) The method of Claim [illegible] further comprising storing
said seal and its corresponding permit in said memory if said client is authenticated.

(Previously Presented) The method of Claim [illegible] further comprising deleting a
least recently used previously opened seal and its corresponding permit when said memory is 
full prior to said storing. 
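
The seal-opening flow recited in the three claims above (compare against previously opened seals, fall back to the security server on a miss, store on authentication, delete the least recently used entry when memory is full) can be sketched as follows. This is an added example, not code from the application: the class and function names are hypothetical, and the SHAKE-256 keystream with an HMAC tag is a stand-in for the unspecified seal encryption.

```python
import hashlib, hmac, json, os
from collections import OrderedDict

SERVER_KEY = os.urandom(32)  # constructed: known only to the security server

def _keystream(nonce, n):
    # Stand-in cipher (assumption): the claims name no algorithm
    return hashlib.shake_256(SERVER_KEY + nonce).digest(n)

def make_seal(access_ids, key_material):
    """Security server: encrypt access info plus key-generation info into a seal."""
    body = json.dumps({"access": access_ids, "permit": key_material}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    tag = hmac.new(SERVER_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

class SecurityServer:
    def __init__(self):
        self.requests = 0  # counts seals submitted for opening
    def open_seal(self, seal, identification):
        """Decrypt the seal, compare identification to access info, return permit or None."""
        self.requests += 1
        if len(seal) < 48:
            return None
        nonce, ct, tag = seal[:16], seal[16:-32], seal[-32:]
        expected = hmac.new(SERVER_KEY, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # tampered or foreign seal
        body = json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))))
        return body["permit"] if identification in body["access"] else None

class Client:
    def __init__(self, identification, server, capacity=2):
        self.identification, self.server, self.capacity = identification, server, capacity
        self.opened = OrderedDict()  # seal -> permit, least recently used first
    def permit_for(self, seal):
        if seal in self.opened:  # seal matches a previously opened seal
            self.opened.move_to_end(seal)
            return self.opened[seal]
        permit = self.server.open_seal(seal, self.identification)
        if permit is None:
            return None  # not authenticated: nothing is stored
        if len(self.opened) >= self.capacity:
            self.opened.popitem(last=False)  # delete least recently used prior to storing
        self.opened[seal] = permit
        return permit
```

A cache hit returns the permit without contacting the security server, so in this sketch a change to a seal's access information reaches a client only after that seal has been evicted from its memory.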

21. (Cancelled) 

22. (Cancelled) 

23. (Cancelled) 
24. (Cancelled)

(Currently Amended) The method of Claim 24, A method for key exchange
and synchronization over a duplex channel, comprising: 



transmitting a first encrypted data stream having a first seal appended to the 
head of said first encrypted data stream from a first party to a second party, said first 
seal being a first set of encrypted bits comprising information for generating a first set 
of encryption/decryption bits; 

transmitting a second encrypted data stream having a second seal appended to 
the head of said second data stream from said second party to said first party, said 
second seal being a second set of encrypted bits comprising information for generating 
a second set of encryption/decryption bits; 

transmitting said first seal from said second party to a security server; 

authenticating said second party at said security server; 

transmitting a first permit from said security server to said second party if said
second party is authenticated, said first permit being a subset of said first seal, in
decrypted form, and containing information for encrypting/decrypting said first
encrypted data stream;

Serial No. 09/370,384

generating a first set of decryption bits at said second party; 

decrypting said first encrypted data stream at said second party using said first 
set of decryption bits; the method further comprising: 

transmitting said second seal from said first party to said security server; 

authenticating said first party at said security server; and 

transmitting a second permit from said security server to said first party if said 
first party is authenticated, said second permit being a subset of said second seal, in 
decrypted form, and containing information for encrypting/decrypting said second 
encrypted data stream. 

26. (Previously Presented) The method of Claim 25, further comprising:

generating a second set of decryption bits at said first party; and 

decrypting said second encrypted data stream at said first party using said 
second set of decryption bits. 